[PATCH] tests: regenerate x509 test certificates
Julien Cristau
jcristau at debian.org
Sun Jul 17 03:02:07 EDT 2016
On Tue, Jul 12, 2016 at 22:28:34 -0700, Gregory Szorc wrote:
> +Now generate an expired certificate by turning back the system time:
> +
> + $ date --set='2016-01-01T00:00:00Z'
> + $ printf '.\n.\n.\n.\n.\nlocalhost\nhg at localhost\n' | \
> + openssl req -new -x509 -key priv.pem -nodes -sha256 -days 1 -out pub-expired.pem
> +
> +Generate a certificate not yet active by advancing the system time:
> +
> + $ date --set='2030-01-01T00:00:00Z'
> + $ printf '.\n.\n.\n.\n.\nlocalhost\nhg at localhost\n' | \
> + openssl req -new -x509 -key priv.pem -nodes -sha256 -days 1 -out pub-not-yet.pem
> +
> +Note: When adjusting system time, verify the time change sticks. If running
> +systemd, you may want to use `timedatectl set-ntp false` and e.g.
> +`timedatectl set-time '2016-01-01 00:00:00'` to set system time.
> +
FWIW, using faketime (https://github.com/wolfcw/libfaketime) makes these
a bit easier. Folded with the other suggestion, it becomes
faketime 2030-01-01T00:00:00Z \
openssl req -new -x509 -key priv.pem -nodes -sha256 -days 1 -out pub-not-yet.pem -batch -subj '/CN=localhost/emailAddress=hg at localhost/'
Cheers,
Julien
More information about the Mercurial-devel
mailing list